Injections Attacks - amitbhilagude/userfullinks GitHub Wiki

  1. Injection attacks
    1. SQL injection attacks: passing `'OR''='` in the password field may turn the SQL WHERE clause into an always-true condition, so the login succeeds without a valid password.
    2. NoSQL injection attacks: MongoDB API queries are also affected, e.g. query expressions that evaluate `indexOf` on user-supplied input.
  2. Best practices
    1. Never expose SQL exceptions to users; the error details tell an attacker how the query is built and how to craft SQL injection attacks.
    2. Use the safe query-execution methods of your SQL classes (parameterized queries), or, as a second option, Entity Framework with LINQ.
    3. Never trust input from the user; it needs to be validated as you can
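
The page's stack is .NET, but the first two best practices are easiest to see side by side in a small runnable example. The following is added here and is not code from the wiki: it builds a constructed in-memory SQLite table, shows the concatenated query that the page's `' OR ''='` payload bypasses, the parameterized query that treats the same input as plain data, and a wrapper that keeps database errors out of the user-facing response (`make_db`, `login_unsafe`, `login_safe` and `login_safe_handling_errors` are hypothetical names).

```python
import sqlite3


def make_db():
    """Constructed sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_unsafe(conn, name, password):
    """Vulnerable: input is concatenated into the SQL text, so the page's
    payload  ' OR ''='  rewrites the WHERE clause into
    ... AND password = '' OR ''=''  which is always true."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, name, password):
    """Hardened: a parameterized query. The driver passes the values
    separately from the SQL text, so quotes in the input stay data."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def login_safe_handling_errors(conn, name, password):
    """Best practice 1: never surface the SQL exception to the caller.
    Returns (authenticated, message); the message is deliberately generic."""
    try:
        return login_safe(conn, name, password), "ok"
    except sqlite3.Error as exc:
        # Server-side log only; the user sees nothing about the query.
        print("db error (logged, not shown to user):", exc)
        return False, "login failed"


if __name__ == "__main__":
    db = make_db()
    payload = "' OR ''='"
    print("unsafe, payload:", login_unsafe(db, "alice", payload))   # True
    print("safe,   payload:", login_safe(db, "alice", payload))     # False
    print("safe,   real pw:", login_safe(db, "alice", "correct horse"))
```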